You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2016/05/19 16:51:54 UTC

cxf git commit: Checking the access token hash in the tests

Repository: cxf
Updated Branches:
  refs/heads/master 3cfc25def -> bf43b5f75


Checking the access token hash in the tests


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/bf43b5f7
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/bf43b5f7
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/bf43b5f7

Branch: refs/heads/master
Commit: bf43b5f75aff033af98c3f87c65d7e68cba9f5cb
Parents: 3cfc25d
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Thu May 19 17:15:51 2016 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Thu May 19 17:15:51 2016 +0100

----------------------------------------------------------------------
 .../java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java   | 5 ++++-
 .../apache/cxf/systest/jaxrs/security/oidc/OIDCFlowTest.java    | 3 +++
 2 files changed, 7 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/bf43b5f7/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
index 26e8bcb..b29e16a 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
@@ -114,8 +114,11 @@ public final class OidcUtils {
         validateAccessTokenHash(at, jwt, true);
     }
     public static void validateAccessTokenHash(ClientAccessToken at, JwtToken jwt, boolean required) {
+        validateAccessTokenHash(at.getTokenKey(), jwt, required);
+    }
+    public static void validateAccessTokenHash(String accessToken, JwtToken jwt, boolean required) {
         if (required) {
-            validateHash(at.getTokenKey(),
+            validateHash(accessToken,
                          (String)jwt.getClaims().getClaim(IdToken.ACCESS_TOKEN_HASH_CLAIM),
                          jwt.getJwsHeaders().getSignatureAlgorithm());
         }

http://git-wip-us.apache.org/repos/asf/cxf/blob/bf43b5f7/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCFlowTest.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCFlowTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCFlowTest.java
index d4ebb9c..bcf0db6 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCFlowTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCFlowTest.java
@@ -44,6 +44,7 @@ import org.apache.cxf.rs.security.jose.jwt.JwtToken;
 import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
 import org.apache.cxf.rs.security.oauth2.common.OAuthAuthorizationData;
 import org.apache.cxf.rs.security.oidc.common.IdToken;
+import org.apache.cxf.rs.security.oidc.utils.OidcUtils;
 import org.apache.cxf.systest.jaxrs.security.oauth2.common.OAuth2TestUtils;
 import org.apache.cxf.systest.jaxrs.security.oauth2.common.OAuth2TestUtils.AuthorizationCodeParameters;
 import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
@@ -368,6 +369,7 @@ public class OIDCFlowTest extends AbstractBusClientServerTestBase {
         JwtToken jwt = jwtConsumer.getJwtToken();
         Assert.assertNotNull(jwt.getClaims().getClaim(IdToken.ACCESS_TOKEN_HASH_CLAIM));
         Assert.assertNotNull(jwt.getClaims().getClaim(IdToken.NONCE_CLAIM));
+        OidcUtils.validateAccessTokenHash(accessToken, jwt, true);
     }
     
     @org.junit.Test
@@ -551,6 +553,7 @@ public class OIDCFlowTest extends AbstractBusClientServerTestBase {
         JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(idToken);
         JwtToken jwt = jwtConsumer.getJwtToken();
         Assert.assertNotNull(jwt.getClaims().getClaim(IdToken.ACCESS_TOKEN_HASH_CLAIM));
+        OidcUtils.validateAccessTokenHash(accessToken, jwt, true);
         // TODO Assert.assertNotNull(jwt.getClaims().getClaim(IdToken.AUTH_CODE_HASH_CLAIM));
     }